Background:
Know:
Recognize: Malicious attack, accident, hash function, checksum

Causes 1: Accidents vs malice

Malicious attack: In terms of computing, a malicious attack can be any physical or electronic action taken with the intent of acquiring, destroying, modifying, or accessing a user's data without permission. Physical attacks typically mean either the theft of hardware storing personal/confidential information or the destruction of said hardware. Electronic attacks involve unauthorized access to or unauthorized modification of the user's computer.

Deliberate malicious attack vs accidents: Malicious attacks and accidents have the same kinds of consequences. A malicious attack can steal personal information and reduce the functionality of the target computer. Accidents happen occasionally, and the consequence is that the service is unavailable or the value of the information has been changed, which is similar to the effect of a malicious attack. The same mechanisms can be used to deal with both of them, such as setting up proper processes and procedures to ensure orderly operations, assigning access privileges only to those who actually need them for their immediate job function, establishing audit trails that are themselves secured properly, requiring secure passwords (changed at regular intervals), and setting up proper facilities for backup and restore of critical management data. Therefore, this topic lies at the intersection of dependability and security.

However, malicious attacks and accidents may have different profiles. For example, accidents such as bit errors can be random. Bit errors may affect each bit equally, but it is impossible for them to change one sentence into another. Malicious attacks, by contrast, can be much more serious than accidents, so they need stronger protection from a security standpoint.
Hence, in order to secure a network from threats such as hacker attacks, the spread of worms and viruses, and malicious intrusion attempts, we can take measures such as ensuring that the management interfaces of network devices are not open to people from outside, and maintaining security audit trails that record all operations and attempted operations on network elements. Meanwhile, intrusion detection, which involves monitoring traffic on the network, can be used to detect suspicious traffic patterns that could indicate an ongoing attack. In addition, outright blocking is another option, which can be implemented with "black lists" that are built and managed by the provider. Blocking, when done extensively, requires black list management, remediation, and expiration policies to ensure that entities on the black list are able to escalate, prove their legitimacy, and so be removed from the black list. Moreover, users, devices, and apps can be asked to prove their legitimacy through "proofs" that force them to verify that they are human (e.g. CAPTCHA) or to verify their identity (e.g. an SMS or voice mail based code). Finally, honeypots are a more recent technology used to collect information about security vulnerabilities in a network to help better defend it.

In order to check and protect the integrity of information, hash functions and checksums can be used.

Hash function: A hash function is any algorithm or subroutine that maps large data sets of variable length, called keys, to smaller data sets of a fixed length. A secure hash function is a deterministic procedure which takes an arbitrary block of data and returns a bit string. A checksum, by contrast, is a fixed-size datum computed from an arbitrary block of digital data for detecting accidental errors that may occur during transmission or storage.
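The difference between the two profiles can be shown in code. The following is an added example, not part of the original page: it uses CRC-32 as the checksum and HMAC-SHA256 (a keyed secure hash, which the page does not mention) as the stronger protection. The key, the message and all function names are constructed for illustration.

```python
import hashlib
import hmac
import random
import zlib

KEY = b"constructed-demo-key"  # constructed secret shared by sender and receiver
MSG = b"set interface eth0 admin-state up"  # constructed sample message

def crc32_tag(data: bytes) -> int:
    """Checksum: unkeyed, so anyone can recompute it."""
    return zlib.crc32(data)

def hmac_tag(key: bytes, data: bytes) -> bytes:
    """Keyed secure hash: a valid tag requires knowing `key`."""
    return hmac.new(key, data, hashlib.sha256).digest()

def flip_random_bit(data: bytes, rng: random.Random) -> bytes:
    """Accident: one random bit error in transmission or storage."""
    buf = bytearray(data)
    pos = rng.randrange(len(buf) * 8)
    buf[pos // 8] ^= 1 << (pos % 8)
    return bytes(buf)

def checksum_catches_bit_errors(msg: bytes, trials: int = 1000) -> bool:
    """True if CRC-32 flags every random single-bit error tried."""
    rng = random.Random(1)  # fixed seed so the run is repeatable
    good = crc32_tag(msg)
    return all(crc32_tag(flip_random_bit(msg, rng)) != good
               for _ in range(trials))

def tamper(msg: bytes):
    """Malice: change the meaning, then recompute the unkeyed checksum."""
    forged = msg.replace(b"up", b"down")
    return forged, crc32_tag(forged)

def accepts_crc(data: bytes, tag: int) -> bool:
    return crc32_tag(data) == tag

def accepts_hmac(key: bytes, data: bytes, tag: bytes) -> bool:
    # Constant-time comparison of the recomputed tag with the received one.
    return hmac.compare_digest(hmac_tag(key, data), tag)

if __name__ == "__main__":
    forged, forged_crc = tamper(MSG)
    print("bit errors caught by CRC-32:", checksum_catches_bit_errors(MSG))
    print("forged message passes CRC-32:", accepts_crc(forged, forged_crc))
    print("forged message passes HMAC:", accepts_hmac(KEY, forged, hmac_tag(KEY, MSG)))
```

A plain, unkeyed hash sent alongside the data has the same weakness as the checksum here, because whoever modifies the data can recompute it; the reference value has to be keyed or delivered over a channel the attacker cannot alter.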
See also

http://www.andrew.cmu.edu/user/kmmedlin/malicious_attacks_information.html
http://en.wikipedia.org/wiki/Computer_worm
Hash function
Checksum
Corresponding TELE9752 lecture slides

References

A. Clemm: Network Management Fundamentals, Cisco Press, 2006
D. Comer: Automated Network Management Systems: Current and Future Capacities, Pearson, 2007